Moderate: openssh security, bug fix, and enhancement update

Synopsis

Moderate: openssh security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for openssh is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

The following packages have been upgraded to a later upstream version: openssh (8.0p1). (BZ#1691045)

Security Fix(es):

• openssh: scp client improper directory name validation (CVE-2018-20685)
  
• openssh: Improper validation of object names allows malicious server to overwrite files via scp client (CVE-2019-6111)
  
• openssh: Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)
  

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically.

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat Enterprise Linux for IBM z Systems 8 s390x
• Red Hat Enterprise Linux for Power, little endian 8 ppc64le
• Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

• BZ - 1665785 - CVE-2018-20685 openssh: scp client improper directory name validation
• BZ - 1666119 - CVE-2019-6109 openssh: Missing character encoding in progress display allows for spoofing of scp client output
• BZ - 1666127 - CVE-2019-6111 openssh: Improper validation of object names allows malicious server to overwrite files via scp client
• BZ - 1667519 - ssh-copy-id hangs when the remote system is out of space
• BZ - 1668325 - openssh - man pages do not mention crypto-policies
• BZ - 1683295 - Kerberos cleanup procedures do not work with GSSAPIDelegateCredentials and default ccache from krb5.conf
• BZ - 1685096 - In FIPS mode, during DH group exchange, OpenSSH client should validate the received moduli, making sure it is one of the known groups.
• BZ - 1686065 - SSH connections get closed when time-based rekeyring is used and ClientAliveMaxCount=0
• BZ - 1691045 - Rebase OpenSSH to latest release (8.0p1?)
• BZ - 1707485 - Use high-level API to do signatures
• BZ - 1712436 - MD5 is used when writing password protected PEM
• BZ - 1732424 - ssh-keygen -A fails in FIPS mode because of DSA key
• BZ - 1732449 - rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite being in the policy

CVEs

• CVE-2018-20685
• CVE-2019-6109
• CVE-2019-6111

References

• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/